ci: fix security issues in Dockerfile
ArtemSBulgakov committed Sep 29, 2024
1 parent 68aa242 commit d9fddf8
Showing 1 changed file with 5 additions and 6 deletions.
11 changes: 5 additions & 6 deletions Dockerfile
Expand Up @@ -23,23 +23,23 @@ ENV PATH="$POETRY_HOME/bin:$VENV_PATH/bin:$PATH"
FROM base AS builder
RUN apt-get update \
&& apt-get install --no-install-recommends -y \
build-essential \
curl \
vim \
netcat \
build-essential \
vim \
&& rm -rf /var/lib/apt/lists/*

# Install Poetry. Respects $POETRY_VERSION and $POETRY_HOME
ENV POETRY_VERSION=1.8.3
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN curl -sSL https://install.python-poetry.org | POETRY_HOME=${POETRY_HOME} python3 - --version ${POETRY_VERSION} && \
RUN curl -sS https://install.python-poetry.org | POETRY_HOME=${POETRY_HOME} python3 - --version ${POETRY_VERSION} && \
chmod a+x /opt/poetry/bin/poetry

# We copy our Python requirements here to cache them
# and install only runtime deps using poetry
WORKDIR $PYSETUP_PATH
COPY ./poetry.lock ./pyproject.toml ./
RUN poetry install
RUN poetry install --no-interaction


###########################################################
Expand All @@ -48,8 +48,7 @@ FROM base AS production

COPY --from=builder $VENV_PATH $VENV_PATH

COPY ./deploy/docker-entrypoint.sh /docker-entrypoint.sh
RUN chmod +x /docker-entrypoint.sh
COPY --chmod=755 ./deploy/docker-entrypoint.sh /

# Create user with the name poetry
RUN groupadd -g 1500 poetry && \
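Review bot: In the first hunk the Poetry installer is still fetched at build time and piped straight into `python3 -` with no integrity check, and `curl -sS` without `--fail` passes an HTTP error body to the interpreter as if it were the script. `POETRY_VERSION` pins the Poetry release but not the installer script itself, so whatever the URL serves on build day is executed in the builder stage. I would download to a file, verify it against a checksum kept in the repo, and only then run it: `curl -fsS --proto '=https' --tlsv1.2 -o /tmp/install-poetry.py https://install.python-poetry.org` followed by `echo "<EXPECTED_SHA256>  /tmp/install-poetry.py" | sha256sum -c -`. Separately, the comment above `RUN poetry install --no-interaction` says only runtime deps are installed, but no `--only main` is passed and the venv is copied into the production stage in the second hunk, so any dev group declared in pyproject.toml would presumably ship as well.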
